cilium

1
# CLOMonitor metadata file
2

3
exemptions:
4
  - check: slack_presence
5
    reason: "The Cilium slack community can be found at http://slack.cilium.io/" # Justification of this exemption
6

7
  - check: dangerous_workflow
8
    reason: >
9
      "It is safe to run code checkout '${{ github.event.pull_request.head.sha }}' 
10
      and 'github.event.pull_request.head.ref' in .github/workflows/build-images-base.yaml 
11
      as this workflow is only permitted to be executed after an explicit approval of a 
12
      subset of committers."
13

14
  - check: signed_releases
15
    reason: >
16
      "All Cilium release images are cryptographically signed during build by cosign. 
17
      Images are hosted in Quay. OpenSSF Scorecard check is currently limited to repositories 
18
      hosted on GitHub, and does not support other source hosting repositories."
19

20
  - check: token_permissions
21
    reason: >
22
      "Reason to use every non-read-only token in GitHub workflows is commented in the respective workflow files."
23